Forum: Ruby on Rails Using before_filter to load owner objects

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
9ae68be4f6aff5c6aa7a0eb7087251e9?d=identicon&s=25 PeteSalty (Guest)
on 2007-02-08 22:58
(Received via mailing list)
We're trying to secure our application and someone yesterday suggested
a good idea.

Say we have blogs that belog to users our models would be something

class User < ActiveRecord::Base
  has_many :blogs

class Blog <ActiveRecord::Base
  belongs_to :user

we already have an authentication system inplace and on top of that we
have been doing something like

@blog = Blog.find(:first, :conditions => ["user_id = ?",

but someone suggested using something like

before_filter {|cntrlr| cntrlr.user = User.find(session[:user_id]) }

in the controller so that we could make a call like

@blog = @user.blogs.find(:first)

(Actually they suggested that we place it in the application.rb but
not all of our objects have users.)

However, if we place it in the blog controller, like:

class NotebooksController < ApplicationController

  before_filter { |ctrl| crtl.user = User.find(session[:user_id]) }


we get the folowing error:

    undefined method `owner=' for NotebooksController:Class

I'm still a little new to this so I don't really understand what's
going on here or how to make it work (assuming that I can and the
person who suggested this isn't leading me up the path). I understand
that there isn't an 'owner=' function defined for the controller, but
shouldn't ther be one for the model, or am I completely lost?

67f61f0c385168c4b2e5b8fd733c397f?d=identicon&s=25 Christos Zisopoulos (Guest)
on 2007-02-09 01:44
(Received via mailing list)

Where are you calling '.owner'?

If you are trying to get the User of a specific Blog associations
work like this:

User.find(:first).blogs   # returns an Array of Blog

Blog.find(:first).user    # returns the User that the Blog belongs to.

No, 'owner' method is created by using has_many/belongs_to.

This topic is locked and can not be replied to.